Three-arg open() (Migrating to Modern Perl)

I can forgive novices for writing clunky Perl code because they're following the example of far too many books and tutorials. If you date the Perl Renaissance to the year 2000 (as I do), then you can identify code written before that point and code written after that point.

If modern Perl is safer or easier or clearer or simpler or cleaner to write than legacy Perl, then it should be possible to explain how and why to use modern features in lieu of older features.

For example....

Three-argument open()

There are two forms of the open() function in Perl 5. The modern version takes three arguments: the filehandle to open or vivify, the mode of the filehandle, and the name of the file.

The legacy version has two arguments, only the filehandle and the name of the file. The mode of the file comes from the filename; if the filename starts (or ends) with any of several special characters, open() parses them off and uses them.

If you accidentally use a filename with those special characters with the
two-arg form of open(), your code will not behave as you expect.
This is especially a problem if you're not careful about sanitizing user input,
and if any user input ever becomes part of a filename. Consider:

open my $fh, ">$filename" # INSECURE CODE; do not use
or die "Can't write to '$filename': $!\n";

While this code appears to open $filename for writing, an
insecure $filename could start with > to force
appending mode, or - to open STDOUT (though I suspect you have to
work really hard to force this). Likewise, code without any explicit mode in
the second and final parameter is susceptible to any special mode
characters.

Extracting file modes into a separate parameter to this function prevents
Perl from parsing the filename at all and removes the possibility for this
unintentional behavior. As Damian Conway has mentioned, using a separate file
mode parameter also makes the intention of the code clearer:

The modern version of this code is safer and clearer, and it's been
available since Perl 5.6.0, released on 22 March 2000. There's no reason not
to use the modern version. (If you need your code to run on Perl 5.005, try a
core module such as IO::Handle. If you need
your code to run on older versions of Perl 5, you have my sympathy.)

Tags:

2 Comments

What if I want the magic - behavior? I think it would be silly to recode it with a three-argument open. Adding a space before the filename and never using the implied < goes a long way towards addressing your concerns.